REMARKS

By this amendment, Claims 1, 2, 10, 18, 19, 20, and 28 are amended. Dependent 
Claims 29-36 have been added. No claims have been canceled. Hence, Claims 1-36 are 
pending in the application. 

Each issue raised in the Office Action mailed September 26, 2007, is addressed 
hereinafter. 

I. ISSUES RELATING TO CLAIM AMENDMENTS 

The amendments to the claims as indicated herein do not add any new matter to this 
application. Furthermore, amendments made to the claims as indicated herein have been 
made to exclusively improve readability and clarity of the claims and not for the purpose of 
overcoming alleged prior art. 

Support for the amendments made to the claims can be found in at least the 
following paragraphs of the Specification: Paragraph [0012] ("Under RFC 792, IPv4 ICMP 
error packets comprise a copy of the IP header of the original packet that generated an error, 
and at least eight (8) bytes of data from the payload of the original IP packet."); and 
Paragraph [0030] ("[T]he first eight bytes of the TCP header contain two port number values 
and a TCP sequence number relating to the TCP connection between two network nodes."). 

II. ISSUES RELATING TO CITED PRIOR ART 

A. CLAIMS 1-28 —TALPADE in view of FAN 

Claims 1-28 are rejected under 35 U.S.C. § 103(a) as allegedly obvious over U.S. 
Pub No. 2004/0148520, by Talpade, et al. ("Talpade"), in view of U.S. Patent No. 
6,219,706, issued to Fan et al ("Fan"). Based on the following arguments, the rejections are 
respectfully traversed. 

Independent Claim 1 recites: 

receiving an ICMP packet, wherein a data field within the 
ICMP packet includes a portion of a header 
associated with a connection in a connection-oriented 
transport protocol, and wherein the portion of the 
header includes a packet sequence value associated 
with the connection; 

obtaining the packet sequence value from the header; 

determining if the packet sequence value is valid; and 

responding to the ICMP packet by updating a parameter 
value associated with the transport protocol 
connection only if the packet sequence value is 
determined to be valid. 

(Emphases added.) Claim 1 presents a method for preventing an attack on a network by 
performing the steps recited therein. One embodiment of the method, as performed, 
prevents an invalid ICMP packet from triggering possibly unnecessary and harmful 
updating of transport protocol parameters. According to one embodiment, a portion of a 
TCP header is embedded within a data field of an ICMP packet. The portion of the 
TCP header, as embedded in the ICMP packet, includes a sequence value that is 
associated with the TCP connection. The validity of the sequence value is determined. 
The ICMP packet is responded to only if the packet sequence value is valid, wherein 
the response comprises the updating of a parameter value associated with the TCP 
connection. For example, a possible response to a valid ICMP packet is the adjustment 
of the MTU value for the particular TCP connection. 
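
The check described above can be illustrated in code. The following is an added example, not part of this filing or of the application's specification. It assumes that "valid" means the embedded sequence number lies among the connection's unacknowledged bytes (snd_una <= seq < snd_nxt), and the function names, connection-table layout, addresses and ports are all constructed for illustration.

```python
import struct

IPPROTO_TCP = 6
LOCAL, REMOTE = bytes([192, 0, 2, 10]), bytes([198, 51, 100, 20])  # constructed addresses

def parse_frag_needed(icmp):
    """Return (src, dst, sport, dport, seq, mtu) from an ICMP type 3 code 4 message, else None."""
    if len(icmp) < 8 + 20 + 8:
        return None
    icmp_type, code, _csum, _unused, mtu = struct.unpack("!BBHHH", icmp[:8])
    inner = icmp[8:]                      # copy of the original IP header + >= 8 payload bytes
    ihl = (inner[0] & 0x0F) * 4
    if (icmp_type, code) != (3, 4) or inner[0] >> 4 != 4 or ihl < 20:
        return None
    if inner[9] != IPPROTO_TCP or len(inner) < ihl + 8:
        return None
    # First eight TCP header bytes: source port, destination port, sequence number.
    sport, dport, seq = struct.unpack("!HHI", inner[ihl:ihl + 8])
    return inner[12:16], inner[16:20], sport, dport, seq, mtu

def seq_in_flight(seq, snd_una, snd_nxt):
    """Assumed validity test: snd_una <= seq < snd_nxt in 32-bit modular arithmetic."""
    return (seq - snd_una) % 2**32 < (snd_nxt - snd_una) % 2**32

def handle_icmp(icmp, connections):
    """Lower the connection's path MTU only when the embedded sequence value is valid."""
    parsed = parse_frag_needed(icmp)
    if parsed is None:
        return False
    *key, seq, mtu = parsed
    conn = connections.get(tuple(key))
    if conn is None or not seq_in_flight(seq, conn["snd_una"], conn["snd_nxt"]):
        return False                      # unknown connection or stale/forged sequence: ignore
    if not 68 <= mtu < conn["mtu"]:       # added sanity bound: 68 is the IPv4 minimum MTU
        return False
    conn["mtu"] = mtu
    return True

def build_sample(seq, mtu):
    """Constructed ICMP 'fragmentation needed' message; checksums left zero and not verified here."""
    inner_ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 40, 0, 0x4000, 64, IPPROTO_TCP, 0, LOCAL, REMOTE)
    return struct.pack("!BBHHH", 3, 4, 0, 0, mtu) + inner_ip + struct.pack("!HHI", 49152, 443, seq)

if __name__ == "__main__":
    conns = {(LOCAL, REMOTE, 49152, 443): {"snd_una": 1000, "snd_nxt": 3000, "mtu": 1500}}
    print(handle_icmp(build_sample(2000, 1400), conns), conns)    # in-window sequence
    print(handle_icmp(build_sample(999999, 576), conns), conns)   # out-of-window sequence
```
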

No combination of Talpade in view of Fan discloses each and every express 
element of Claim 1. Talpade merely describes sensors that monitor all traffic entering 
the customer networks. (Talpade, Paragraphs [0017]). The sensors track packet type 
information relating to TCP, UDP, ICMP, and IP packets flowing into the customer 
network. (Talpade, Paragraphs [0020]). The sensor filters analyze the packet headers of 
the TCP, UDP, ICMP, and IP packets for invalid field values. In contrast to Claim 1, 
Talpade does not teach or disclose the examining of the contents of the data fields of 
any ICMP packets that are tracked. Accordingly, Talpade does not teach or suggest 
obtaining and examining a packet sequence value from a header that is included within 
the data field of an ICMP packet, as recited in Claim 1. In addition, Talpade also fails 
to teach another express element of Claim 1, namely "responding to the ICMP packet by 
updating a parameter value associated with the transport protocol connection only if the 
packet sequence value is determined to be valid." 

Fan fails to "fill the gaps" left by Talpade with regard to Claim 1. Fan describes 
a firewall that examines the packet sequence number of a TCP packet to determine 
whether it falls within a defined range of sequences. Nothing in Fan describes any TCP 
headers that are included within a data field of any ICMP packet, as recited in Claim 
1. In addition, nothing in Fan describes any conditional response to an ICMP packet. 
Accordingly, Fan does not teach or suggest responding to the ICMP packet by updating 
a parameter value associated with the transport protocol connection only if the 
sequence number is valid, as recited in Claim 1. 

Because the combination of Talpade and Fan does not teach one or more express 
elements of Claim 1, it is respectfully submitted that Claim 1 is patentable over Talpade 
in view of Fan. 

Independent Claims 10, 18, 19, and 28 include features similar to Claim 1, except 
in the context of computer-readable media, in means-plus-function form, or as an 
apparatus claim. It is therefore respectfully submitted that Claims 10, 18, 19, and 28 are 
patentable over Talpade in view of Fan for at least the reasons given above with respect 
to Claim 1. 

Claims 29-36, 11-17, and 20-27 are dependent claims, each of which depends 
(directly or indirectly) on Claims 10, 18, 19, and 28. In addition, each of Claims 29-36, 
11-17, and 20-27 introduces one or more additional features that independently render it 
patentable. Due to the fundamental differences already identified, to expedite the 
positive resolution of this case, a separate discussion of the features of Claims 29-36, 
11-17, and 20-27 is not included at this time. The Applicant reserves the right to further 
point out the differences between the cited art and the novel features recited in the 
dependent claims. 

In view of the foregoing, it is respectfully asserted that the claims are now in 
condition for allowance. 

CONCLUSION 

For the reason set forth above, all of the pending claims are in condition for 
allowance. The Examiner is respectfully requested to contact the undersigned by 
telephone relating to any issue that would advance examination of the present 
application. 

A petition for extension of time for one (1) month, and otherwise for the time 
necessary to make this reply timely filed, is hereby made under 37 C.F.R. 1.136. The 
extension of time fee is submitted concurrently herewith. If any applicable fee is missing 
or insufficient, throughout the pendency of this application, the Commissioner is hereby 
authorized to charge any applicable fees and to credit any overpayments to our Deposit Account 
No. 50-1302. 



Respectfully submitted, 

HICKMAN PALERMO TRUONG & BECKER LLP 



Dated: January 15, 2008 /RhysWCheung#58648/ 

Rhys W. Cheung 
Reg. No. 58,648 

2055 Gateway Place, Suite 550 
San Jose, CA 95110 
Direct: (408) 754-1450 
Facsimile: (408) 414-1076 